Russian Android users who are looking to download the popular Minecraft game app from third-party app markets should be very careful, F-Secure researchers told PC Magazine, as a trojanized version of the app is being offered at half the original app's price.

The trojanized Minecraft PE (Pocket Edition) app works as expected, so users might not notice that it is sending text messages to premium rate numbers and signing them up for pricey services until they receive the next bill from their mobile operator.

This type of malicious cloning and changing of the Minecraft app should not be possible, as its creators have included a check inside the dex code that verifies the signature that has been used to sign the APK (Android application package). If the check fails, the app does not run.

Unfortunately, the malicious app creators have used Smalihook, a tool for hooking Java functions, to redirect the relevant calls to modified functions that tell the app that it has been downloaded from Google Play and that the aforementioned signature checks out.
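An in-app check of the kind described above is commonly written along these lines. This is an added example, not the Minecraft developers' code: the class name `TamperCheck` is hypothetical, the pinned digest is a placeholder, and the assumption is that the app pins one release certificate and expects Google Play as the installer.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper: signing-certificate and installer check run at app start. */
public final class TamperCheck {
    // Placeholder: lowercase hex SHA-256 of the developer's release signing certificate.
    private static final String EXPECTED_CERT_SHA256 = "<release-cert-sha256-hex>";
    private static final String PLAY_STORE_INSTALLER = "com.android.vending";

    private TamperCheck() {}

    /** Returns true only if the APK signer and the installer both match expectations. */
    public static boolean isGenuine(Context ctx) {
        try {
            PackageManager pm = ctx.getPackageManager();
            String pkg = ctx.getPackageName();
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            // Assumption: the release build has exactly one signer; anything else fails closed.
            if (info.signatures == null || info.signatures.length != 1) {
                return false;
            }
            String actual = sha256Hex(info.signatures[0].toByteArray());
            boolean signerOk = EXPECTED_CERT_SHA256.equals(actual);
            boolean fromPlay = PLAY_STORE_INSTALLER.equals(pm.getInstallerPackageName(pkg));
            return signerOk && fromPlay;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // any lookup or hashing failure is treated as tampering
        }
    }

    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

Both answers come from calls made inside the app's own dex code, so a repackaged copy can point those calls at modified functions that return the expected values, which is the weakness this case illustrates.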

"Smalihook seems to be part of the AntiLVL (Android License Verification Library Subversion) cracking tool. The purpose of these tools is to break license protection systems and they are aimed at developers who want to test their own protections against common types of attacks," F-Secure researchers shared. Of course, the tool can easily be misused by attackers, as we have witnessed here.

It's also interesting to note that in schemes like this one, the developers of trojanized apps usually offer them for free in order to maximize the number of users who download and install them, and they ultimately get a cut of the profits from the sent SMSes and fraudulently bought services.

In this case, the crooks have opted to earn themselves some money even before the app starts performing its malicious routines. The legitimate app costs 5.49 euros, and they are charging 2.50 euros for their trojanized version.
